Privacy-preserving computer forensics framework


Bibliographic Details
Main Author: Halboob, Waleed Abduljabbar
Format: Thesis
Language: English
Published: 2015
Online Access: http://psasir.upm.edu.my/id/eprint/57138/1/FSKTM%202015%2020RR.pdf
Description
Summary: Computer forensics and privacy preservation are conflicting fields in computer security. Computer forensics tools essentially image and analyze all the data found in a targeted investigation. In contrast, privacy preservation techniques are used to protect a data owner's private identity, information, and/or activities from any unauthorized access, use, or disclosure. Thus, there is a need to balance these two conflicting fields. In other words, there is a tremendous need to find a lawful and fair computer forensics solution thatr the past decade, the conflict between privacy preservation and computer forensics has been investigated in several studies. However, the solutions proposed by previous researchers are not efficient and lawful, and they did not provide a sufficient analysis. The objective of this research is to propose a computer forensics framework to preserve the privacy of data owners in an efficient and lawful manner while providing sufficient digital evidence analysis. Computer forensics privacy levels and policies are specified to help improve used for providing an efficient imaging and analysis. The private data are encrypted using the Advanced Encryption Standard (AES). Advanced Forensic Format 4 (AFF4) is used as a container for the imaged relevant data. The framework is implemented to ensure that it is workable and to measure its efficiency. A qualitative evaluation method was used to evaluate both the lawfulness of the framework and the sufficiency of the analysis by observing these criteria. Moreover, other related work was implemented to compare with the proposed framework. The results obtained show that the proposed framework satisfies all the required features for having a lawful solution, and provides efficient imaging and analysis as well as sufficient analysis.
It can be concluded that the proposed framework has several advantages compared to the other related works, namely an efficient and lawful method for selective imaging and analysis, and sufficient analysis. It also provides a forensically sound and flexible solution with a distributed analysis.